Add Null Cipher Get/Set to Telephony Service
PhoneInterfaceManager will set a SharedPreference and
trigger an update for each Phone instance, which corresponds
to an update for each modem on the device.
Radio Network HAL 2.1 or greater is enforced, as are relevant
read and modify permissions.
Bug: 260844152
Test: atest PhoneInterfaceManagerTest
Change-Id: I28ed69883249e94e02fb371cd2e0ba7e402a376f
diff --git a/src/com/android/phone/PhoneInterfaceManager.java b/src/com/android/phone/PhoneInterfaceManager.java
index f1cff81..0124ee1 100644
--- a/src/com/android/phone/PhoneInterfaceManager.java
+++ b/src/com/android/phone/PhoneInterfaceManager.java
@@ -17,6 +17,7 @@
package com.android.phone;
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+import static android.telephony.TelephonyManager.HAL_SERVICE_NETWORK;
import static android.telephony.TelephonyManager.HAL_SERVICE_RADIO;
import static com.android.internal.telephony.PhoneConstants.PHONE_TYPE_CDMA;
@@ -377,6 +378,9 @@
private static final int SELECT_P2 = 0;
private static final int SELECT_P3 = 0x10;
+ // Toggling null cipher and integrity support was added in IRadioNetwork 2.1
+ private static final int MIN_NULL_CIPHER_AND_INTEGRITY_VERSION = 201;
+
/** The singleton instance. */
private static PhoneInterfaceManager sInstance;
private static List<String> sThermalMitigationAllowlistedPackages = new ArrayList<>();
@@ -2418,6 +2422,11 @@
publish();
}
+ @VisibleForTesting
+ public SharedPreferences getSharedPreferences() {
+ return mTelephonySharedPreferences;
+ }
+
private Phone getDefaultPhone() {
Phone thePhone = getPhone(getDefaultSubscription());
return (thePhone != null) ? thePhone : PhoneFactory.getDefaultPhone();
@@ -3634,10 +3643,21 @@
*
* @throws SecurityException if the caller does not have the required permission
*/
- private void enforceModifyPermission() {
+ @VisibleForTesting
+ public void enforceModifyPermission() {
mApp.enforceCallingOrSelfPermission(android.Manifest.permission.MODIFY_PHONE_STATE, null);
}
+ /**
+ * Make sure the caller has the MODIFY_PHONE_STATE permission.
+ *
+ * @throws SecurityException if the caller does not have the required permission
+ */
+ @VisibleForTesting
+ public void enforceReadPermission() {
+ mApp.enforceCallingOrSelfPermission(android.Manifest.permission.READ_PHONE_STATE, null);
+ }
+
private void enforceActiveEmergencySessionPermission() {
mApp.enforceCallingOrSelfPermission(
android.Manifest.permission.READ_ACTIVE_EMERGENCY_SESSION, null);
@@ -11654,6 +11674,57 @@
}
/**
+ * Set whether the device is able to connect with null ciphering or integrity
+ * algorithms. This is a global setting and will apply to all active subscriptions
+ * and all new subscriptions after this.
+ *
+ * @param enabled when true, null cipher and integrity algorithms are allowed.
+ * @hide
+ */
+ @Override
+ @RequiresPermission(android.Manifest.permission.MODIFY_PHONE_STATE)
+ public void setNullCipherAndIntegrityEnabled(boolean enabled) {
+ enforceModifyPermission();
+ checkForNullCipherAndIntegritySupport();
+
+ // Persist the state of our preference. Each GsmCdmaPhone instance is responsible
+ // for listening to these preference changes and applying them immediately.
+ SharedPreferences.Editor editor = mTelephonySharedPreferences.edit();
+ editor.putBoolean(Phone.PREF_NULL_CIPHER_AND_INTEGRITY_ENABLED, enabled);
+ editor.apply();
+
+ for (Phone phone: PhoneFactory.getPhones()) {
+ phone.handleNullCipherEnabledChange();
+ }
+ }
+
+
+ /**
+ * Get whether the device is able to connect with null ciphering or integrity
+ * algorithms. Note that this retrieves the phone-global preference and not
+ * the state of the radio.
+ *
+ * @throws SecurityException if {@link permission#MODIFY_PHONE_STATE} is not satisfied
+ * @throws UnsupportedOperationException if the device does not support the minimum HAL
+ * version for this feature.
+ * @hide
+ */
+ @Override
+ @RequiresPermission(android.Manifest.permission.READ_PHONE_STATE)
+ public boolean isNullCipherAndIntegrityPreferenceEnabled() {
+ enforceReadPermission();
+ checkForNullCipherAndIntegritySupport();
+ return getDefaultPhone().getNullCipherAndIntegrityEnabledPreference();
+ }
+
+ private void checkForNullCipherAndIntegritySupport() {
+ if (getHalVersion(HAL_SERVICE_NETWORK) < MIN_NULL_CIPHER_AND_INTEGRITY_VERSION) {
+ throw new UnsupportedOperationException(
+ "Null cipher and integrity operations require HAL 2.1 or above");
+ }
+ }
+
+ /**
* Get the SIM state for the slot index.
* For Remote-SIMs, this method returns {@link IccCardConstants.State#UNKNOWN}
*
diff --git a/tests/src/com/android/phone/PhoneInterfaceManagerTest.java b/tests/src/com/android/phone/PhoneInterfaceManagerTest.java
index 3b6d5ee..6e4a65f 100644
--- a/tests/src/com/android/phone/PhoneInterfaceManagerTest.java
+++ b/tests/src/com/android/phone/PhoneInterfaceManagerTest.java
@@ -17,15 +17,21 @@
package com.android.phone;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import android.content.Context;
-import android.content.pm.PackageManager;
+import android.content.SharedPreferences;
import android.content.res.Resources;
import android.telephony.RadioAccessFamily;
import android.telephony.TelephonyManager;
@@ -50,22 +56,24 @@
@RunWith(AndroidJUnit4.class)
public class PhoneInterfaceManagerTest extends TelephonyTestBase {
private PhoneInterfaceManager mPhoneInterfaceManager;
+ private SharedPreferences mSharedPreferences;
@Mock
PhoneGlobals mPhoneGlobals;
@Mock
Phone mPhone;
- @Mock
- PackageManager mPackageManager;
@Before
@UiThreadTest
public void setUp() throws Exception {
super.setUp();
- doReturn(mPackageManager).when(mPhoneGlobals).getPackageManager();
- doReturn(false).when(mPackageManager).hasSystemFeature(
- PackageManager.FEATURE_TELEPHONY_IMS);
- mPhoneInterfaceManager = PhoneInterfaceManager.init(mPhoneGlobals);
+ // Note that PhoneInterfaceManager is a singleton. Calling init gives us a handle to the
+ // global singleton, but the context that is passed in is unused if the phone app is already
+ // alive on a test devices. You must use the spy to mock behavior. Mocks stemming from the
+ // passed context will remain unused.
+ mPhoneInterfaceManager = spy(PhoneInterfaceManager.init(mPhoneGlobals));
+ mSharedPreferences = mPhoneInterfaceManager.getSharedPreferences();
+ mSharedPreferences.edit().remove(Phone.PREF_NULL_CIPHER_AND_INTEGRITY_ENABLED).commit();
}
@Test
@@ -138,4 +146,81 @@
assertEquals("ff-Latn-BF", resultFfBf);
}
+
+ @Test
+ public void setNullCipherAndIntegrityEnabled_successfullyEnable() {
+ doReturn(201).when(mPhoneInterfaceManager).getHalVersion(anyInt());
+ doNothing().when(mPhoneInterfaceManager).enforceModifyPermission();
+ assertFalse(mSharedPreferences.contains(Phone.PREF_NULL_CIPHER_AND_INTEGRITY_ENABLED));
+
+ mPhoneInterfaceManager.setNullCipherAndIntegrityEnabled(true);
+
+ assertTrue(
+ mSharedPreferences.getBoolean(Phone.PREF_NULL_CIPHER_AND_INTEGRITY_ENABLED, false));
+ }
+
+ @Test
+ public void setNullCipherAndIntegrityEnabled_successfullyDisable() {
+ doReturn(201).when(mPhoneInterfaceManager).getHalVersion(anyInt());
+ doNothing().when(mPhoneInterfaceManager).enforceModifyPermission();
+ assertFalse(mSharedPreferences.contains(Phone.PREF_NULL_CIPHER_AND_INTEGRITY_ENABLED));
+
+ mPhoneInterfaceManager.setNullCipherAndIntegrityEnabled(false);
+
+ assertFalse(
+ mSharedPreferences.getBoolean(Phone.PREF_NULL_CIPHER_AND_INTEGRITY_ENABLED, true));
+ }
+
+ @Test
+ public void setNullCipherAndIntegrityEnabled_lackingNecessaryHal() {
+ doReturn(101).when(mPhoneInterfaceManager).getHalVersion(anyInt());
+ doNothing().when(mPhoneInterfaceManager).enforceModifyPermission();
+
+ assertThrows(UnsupportedOperationException.class, () -> {
+ mPhoneInterfaceManager.setNullCipherAndIntegrityEnabled(true);
+ });
+
+ }
+
+ @Test
+ public void setNullCipherAndIntegrityEnabled_lackingPermissions() {
+ doReturn(201).when(mPhoneInterfaceManager).getHalVersion(anyInt());
+ doThrow(SecurityException.class).when(mPhoneInterfaceManager).enforceModifyPermission();
+
+ assertThrows(SecurityException.class, () -> {
+ mPhoneInterfaceManager.setNullCipherAndIntegrityEnabled(true);
+ });
+ }
+
+ @Test
+ public void isNullCipherAndIntegrityPreferenceEnabled() {
+ doReturn(201).when(mPhoneInterfaceManager).getHalVersion(anyInt());
+ doNothing().when(mPhoneInterfaceManager).enforceModifyPermission();
+
+ assertTrue(mPhoneInterfaceManager.isNullCipherAndIntegrityPreferenceEnabled());
+ mPhoneInterfaceManager.setNullCipherAndIntegrityEnabled(false);
+ assertFalse(
+ mSharedPreferences.getBoolean(Phone.PREF_NULL_CIPHER_AND_INTEGRITY_ENABLED, true));
+ }
+
+ @Test
+ public void isNullCipherAndIntegrityPreferenceEnabled_lackingNecessaryHal() {
+ doReturn(101).when(mPhoneInterfaceManager).getHalVersion(anyInt());
+ doNothing().when(mPhoneInterfaceManager).enforceModifyPermission();
+
+ assertThrows(UnsupportedOperationException.class, () -> {
+ mPhoneInterfaceManager.isNullCipherAndIntegrityPreferenceEnabled();
+ });
+
+ }
+
+ @Test
+ public void isNullCipherAndIntegrityPreferenceEnabled_lackingPermissions() {
+ doReturn(201).when(mPhoneInterfaceManager).getHalVersion(anyInt());
+ doThrow(SecurityException.class).when(mPhoneInterfaceManager).enforceReadPermission();
+
+ assertThrows(SecurityException.class, () -> {
+ mPhoneInterfaceManager.isNullCipherAndIntegrityPreferenceEnabled();
+ });
+ }
}